This is my first run at the lambda jwt-authorizer so it is probably something quite trivial but...
I have tested the lambda authorizer both in AWS Lambda and in API Gateway Authorisers test rig. Both tests are successful but when I try to secure the api endpoint at the method request only AWS_IAM authorisation is available, anyone any ideas where I have went wrong?
Turns out it was a browser refresh, went away, had a game of scrabble and lovely meal with my kids. Came back, I was logged out so the browser refreshed and the authoriser was in the drop down.
Related
I am getting 401 Unauthorized error with AWS Api Gateway and Basic Authorizer for GET methods.
The strange things seems to be that everything works if I change the method to POST.
Also an isolated test of the Authorizer works fine when using the AWS console.
It seems that the custom basic auth authorizer lambda is never called for the GET invocation.
In my scenario, Cloudfront is in front of the API as a frontend/backend proxy. And if you test the GET request via the original API gateway DNS name, everything works as expected. So something happens in cloudfront :)
I have found the solution in this great medium post.
https://dev.to/dvddpl/basic-auth-on-lambda-api-gateway-cloudfront-solving-the-401-unauthorized-error-hif
He found out that for GET requests Cloudfront removes the Authorization header field before forwarding the request to the origin.
The solution is to add the Authorization header to the whitelist of the caching behaviour.
Check the medium POST for details.
I have an api gateway that triggers a lambda method. I'm trying to hit the endpoint and I get a 500 returned, InternalServerErrorException. However, the lambda was never invoked.
When logging into the aws console, I run the test interface in the api gateway. I get a 502, InternalServerErrorException. Logs say the lambda timed out after 3 seconds. Viewing cloudwatch it's clear the lambda was invoked this time.
I can't find any documentation on why I would be getting a 500 InternalServerErrorException when hitting the endpoint and it would not invoke the lambda, but I would be able to invoke it with the test button.
Any help would be greatly appreciated. I've been struggling for a bit with this one. Thanks!
If your API is working properly with the test button, but, you are receiving this error, looks like your API is not deployed.
To deploy your API go to Actions > Deploy API:
I'm new to AWS and Node so I really appreciate everyone's suggestion on this one. Recently in my system, something strange happened. Sometimes (~20 times/ month), a lambda request got timeout. It's just a simple request in middleware for authentication (I'm using node.JS serverless). The issues is I cannot trace this request from API gateway. Sorry I'm suck at explaining things so I'm gonna put it like this:
My system's flow: CloudFront -> API Gateway -> Lambda -> RDS
Normally if I want to trace a request:
I get the requestID from Lambda's Log
And search it in the API Gateway's Log:
But for these Timeout request:
I cannot find anything at all in API Gateway's Log:
Like it appeared out of nowhere... Please help and thanks for the suggestion.
You may already be aware but API Gateway has a hard max timeout limit of 29 seconds and stops waiting for the integration to respond after that time.
The Request ID that you are pulling from the lambda logs is the lambda request ID. This is a bit of speculation but I'm guessing since the Lambda took longer than 29 seconds and never returned to API Gateway since API Gateway timed out and stopped waiting, the API Gateway never received a response from the Lambda function to know what the lambda request ID is.
There still should be some API Gateway logs for this invocation but it won't contain any of the normal integration response log lines because it never received a response from the lambda integration.
Perhaps try searching for 504 in the API Gateway logs since this is the response code when the gateway times out.
Or as AADProgramming recommends, the X Ray service was designed to help users track requests across many services so enabling that would be helpful here.
There's a lot of questions out there pertaining to "lambda" but I haven't touched that in my life, so it probably isn't relevant to this question.
All I've done so far is import a swagger json spec into AWS API Gateway and try my best to configure it to connect to my REST api.
My issue here is that when I try calling the API gateway endpoint through the test console, everything works as expected.
But then why I try querying the same endpoint from outside AWS like any end user, I get this nondescript 500 response.
The nifty thing is that since I own the backend service, I can see the logging, which clearly indicates that a successful 200 response was returned (which should be the json response shown in the first screenshot).
So now I know that it's AWS's fault that I'm getting a 500. But I'm honestly not sure what the issue could be.
Here are all relevant configuration screens for this particular endpoint.
Method Request
Integration Request
Integration Response
Method Response
If there's any screen/setting I didn't provide that would be helpful, just let me know.
TLDR, api gateway endpoint works in online console ui, but not in real life
I follows #MarkB's advice and linked API Gateway to an IAM role with permissions to write to Cloudwatch and then here's the kicker: you have to redeploy the stage to jumpstart Cloudwatch (this is actually very poorly documented, aws).
And when I found out that I had to redeploy the gateway, that's when I also conveniently discovered that for any of the configuration changes I was making to be applied, I actually had to redeploy the entire thing.
So after redeploying, everything started to work.
I'm trying to set up a very basic API, before taking the additional step of integrating Cognito. Testing the API endpoint within the AWS console works fine. However, I'm not able to get things working in Postman.
In API Gateway, I've connected an endpoint with no parameters to a Lambda function. The Lambda function returns a hard-coded, static JavaScript object. Clicking the test button here works as expected.
In the Method Execution screen, I've selected AWS_IAM for authorization and don't require an API key.
In IAM I created a user named postman and attached the AmazonAPIGatewayInvokeFullAccess policy (covering all ExecuteAPI resources, for now).
The API seems to be published correctly, since it complains when I try to access it without an Authorization header.
But when I use the AWS Signature Authoriztion type and enter postman's AccessKey and SecretKey, I get no response at all.
I'm trying to find access logs to debug, but I'm new to this part of AWS and haven't found anything yet... What am I missing? Thanks in advance.